diff options
author | Nikolay Amiantov <ab@fmap.me> | 2016-01-17 04:10:29 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2016-01-17 15:50:40 +0300 |
commit | c311901810ab8ddefd38d94e5f625212a86e1c6b (patch) | |
tree | 3d1f7283e3ae310405423f0963fcd4279daa71f0 /nixos/modules/services | |
parent | d93f866f55adb6831e054e717253ee94071240b0 (diff) | |
download | nixpkgs-c311901810ab8ddefd38d94e5f625212a86e1c6b.tar nixpkgs-c311901810ab8ddefd38d94e5f625212a86e1c6b.tar.gz nixpkgs-c311901810ab8ddefd38d94e5f625212a86e1c6b.tar.bz2 nixpkgs-c311901810ab8ddefd38d94e5f625212a86e1c6b.tar.lz nixpkgs-c311901810ab8ddefd38d94e5f625212a86e1c6b.tar.xz nixpkgs-c311901810ab8ddefd38d94e5f625212a86e1c6b.tar.zst nixpkgs-c311901810ab8ddefd38d94e5f625212a86e1c6b.zip |
cupsd service: don't allow overriding necessary configuration options
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/printing/cupsd.nix | 112 |
1 files changed, 53 insertions, 59 deletions
diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix index 5964b62cc21..58d541dbcba 100644 --- a/nixos/modules/services/printing/cupsd.nix +++ b/nixos/modules/services/printing/cupsd.nix @@ -42,6 +42,52 @@ let ignoreCollisions = true; }; + writeConf = name: text: pkgs.writeTextFile { + inherit name text; + destination = "/etc/cups/${name}"; + }; + + cupsFilesFile = writeConf "cups-files.conf" '' + SystemGroup root wheel + + ServerBin ${bindir}/lib/cups + DataDir ${bindir}/share/cups + + AccessLog syslog + ErrorLog syslog + PageLog syslog + + TempDir ${cfg.tempDir} + + # User and group used to run external programs, including + # those that actually send the job to the printer. Note that + # Udev sets the group of printer devices to `lp', so we want + # these programs to run as `lp' as well. + User cups + Group lp + + ${cfg.extraFilesConf} + ''; + + cupsdFile = writeConf "cupsd.conf" '' + ${concatMapStrings (addr: '' + Listen ${addr} + '') cfg.listenAddresses} + Listen /var/run/cups/cups.sock + + SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin + + DefaultShared ${if cfg.defaultShared then "Yes" else "No"} + + Browsing ${if cfg.browsing then "Yes" else "No"} + + WebInterface ${if cfg.webInterface then "Yes" else "No"} + + ${cfg.extraConf} + ''; + + browsedFile = writeConf "cups-browsed.conf" cfg.browsedConf; + in { @@ -102,25 +148,11 @@ in ''; }; - cupsdConf = mkOption { + extraFilesConf = mkOption { type = types.lines; default = ""; - example = - '' - BrowsePoll cups.example.com - LogLevel debug - ''; description = '' - The contents of the configuration file of the CUPS daemon - (<filename>cupsd.conf</filename>). - ''; - }; - - cupsFilesConf = mkOption { - type = types.lines; - default = ""; - description = '' - The contents of the configuration file of the CUPS daemon + Extra contents of the configuration file of the CUPS daemon (<filename>cups-files.conf</filename>). ''; }; @@ -223,9 +255,9 @@ in environment.systemPackages = [ cups ] ++ optional polkitEnabled cups-pk-helper; environment.etc."cups/client.conf".text = cfg.clientConf; - environment.etc."cups/cups-files.conf".text = cfg.cupsFilesConf; - environment.etc."cups/cupsd.conf".text = cfg.cupsdConf; - environment.etc."cups/cups-browsed.conf".text = cfg.browsedConf; + environment.etc."cups/cups-files.conf".source = cupsFilesFile; + environment.etc."cups/cupsd.conf".source = cupsdFile; + environment.etc."cups/cups-browsed.conf".source = browsedFile; environment.etc."cups/snmp.conf".text = cfg.snmpConf; services.dbus.packages = [ cups ] ++ optional polkitEnabled cups-pk-helper; @@ -274,49 +306,13 @@ in serviceConfig.ExecStart = "${cups_filters}/bin/cups-browsed"; - restartTriggers = - [ config.environment.etc."cups/cups-browsed.conf".source - ]; + restartTriggers = [ browsedFile ]; }; - services.printing.cupsFilesConf = - '' - SystemGroup root wheel - - ServerBin ${bindir}/lib/cups - DataDir ${bindir}/share/cups - - AccessLog syslog - ErrorLog syslog - PageLog syslog - - TempDir ${cfg.tempDir} - - # User and group used to run external programs, including - # those that actually send the job to the printer. Note that - # Udev sets the group of printer devices to `lp', so we want - # these programs to run as `lp' as well. - User cups - Group lp - ''; - - services.printing.cupsdConf = + services.printing.extraConf = '' LogLevel info - ${concatMapStrings (addr: '' - Listen ${addr} - '') cfg.listenAddresses} - Listen /var/run/cups/cups.sock - - SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin:${bindir}/sbin - - DefaultShared ${if cfg.defaultShared then "Yes" else "No"} - - Browsing ${if cfg.browsing then "Yes" else "No"} - - WebInterface ${if cfg.webInterface then "Yes" else "No"} - DefaultAuthType Basic <Location /> @@ -357,8 +353,6 @@ in Order deny,allow </Limit> </Policy> - - ${cfg.extraConf} ''; security.pam.services.cups = {}; |